document-933340782.xlsm

Status: finished

Submission Time: 07.04.2021 10:46:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
383151
API (Web) ID:
668443
Analysis Started:

07.04.2021 10:46:01
Analysis Finished:

07.04.2021 11:00:16
MD5:
766f5bb363db9a966b613a42a118798a
SHA1:
57e67742fd7e7fa0badddca5b2cceb4cf09048a7
SHA256:
9952ce93009bb9fe2b687053da8db61f551cd524ca2691669257c35aaba18832
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)		88/100
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 Run Condition: Potential for more IOCs and behavior		88/100
						23/62
						7/37
						14/29

IPs

IP	Country	Detection
103.68.166.129	Singapore
143.95.33.96	United States
66.36.231.40	United States
Click to see the 2 hidden entries
50.23.112.133	United States
31.170.166.139	United States

Domains

Name	IP	Detection
holmesservices.mobiledevsite.co	103.68.166.129
kristen.sbddev.com	50.23.112.133
tienda.ventadigital.com.ar	31.170.166.139
Click to see the 2 hidden entries
nellaimasthanbiryani.com	66.36.231.40
thirdstringcalifornia.com	143.95.33.96

URLs

Name	Detection
http://tienda.ventadigital.com.ar/ds/2803.gif
http://nellaimasthanbiryani.com/ds/2803.gif
http://thirdstringcalifornia.com/ds/2803.gif
Click to see the 11 hidden entries
http://holmesservices.mobiledevsite.co/ds/2803.gif
http://kristen.sbddev.com/ds/2803.gif
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.windows.com/pctv.
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://www.icra.org/vocabulary/.
http://investor.msn.com/
http://kristen.sbddev.com/cgi-sys/suspendedpage.cgi
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\Desktop\~$document-933340782.xlsm	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\suspendedpage[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2D8BBC4.png	PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced	#
Click to see the 9 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7387CA72.png	PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\75F3850F.png	PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D5F5A0F5.png	PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\C1DE0000	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Apr 7 16:46:39 2021, atime=Wed Apr 7 16:46:39 2021, length=12288, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-933340782.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Apr 7 16:46:39 2021, atime=Wed Apr 7 16:46:39 2021, length=108482, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\Desktop\82DE0000	data	#
C:\Users\user\iekdhfe.dsk	HTML document, ASCII text, with very long lines	#